From 4ee59ab3ed59475923a1fed0a8a52f5a03799c93 Mon Sep 17 00:00:00 2001
From: Milan Broz <mbroz@redhat.com>
Date: Mon, 16 Jul 2012 16:28:47 +0200
Subject: [PATCH] Fix fips module list.
If dracut is build only with fips/fips-aesni (no crypto module),
FIPS mode fails because of missing GCM modules.
Just add proper modules to list (kernel have both maker as FIPS compliant already).
Signed-off-by: Milan Broz <mbroz@redhat.com>
---
modules.d/01fips/module-setup.sh | 2 +-
modules.d/02fips-aesni/module-setup.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 2d238fb..2517964 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -12,7 +12,7 @@ depends() {
installkernel() {
local _fipsmodules _mod
- _fipsmodules="aead aes_generic xts aes-x86_64 ansi_cprng cbc ccm chainiv ctr"
+ _fipsmodules="aead aes_generic xts aes-x86_64 ansi_cprng cbc ccm chainiv ctr gcm ghash_generic"
_fipsmodules+=" des deflate ecb eseqiv hmac seqiv sha256 sha256_generic sha512 sha512_generic"
_fipsmodules+=" cryptomgr crypto_null tcrypt dm-mod dm-crypt"
diff --git a/modules.d/02fips-aesni/module-setup.sh b/modules.d/02fips-aesni/module-setup.sh
index f8fb705..fb4010d 100755
--- a/modules.d/02fips-aesni/module-setup.sh
+++ b/modules.d/02fips-aesni/module-setup.sh
@@ -12,7 +12,7 @@ depends() {
installkernel() {
local _fipsmodules _mod
- _fipsmodules="aesni-intel"
+ _fipsmodules="aesni-intel ghash_clmulni_intel"
mkdir -m 0755 -p "${initdir}/etc/modprobe.d"